appwrite / sdk-for-web

[READ-ONLY] Official Appwrite Web SDK 🧡
https://appwrite.io
BSD 3-Clause "New" or "Revised" License

🚀 Feature: Option to disable Cookies #71

Closed mariusbolik closed 2 months ago

mariusbolik commented 10 months ago

🔖 Feature description

You should add an option to disable cookies and use local storage instead.

import { Client } from 'appwrite';

// Init your Web SDK
const client = new Client();

client
    .setEndpoint('http://localhost/v1') // Your Appwrite Endpoint
    .setProject('455x34dfkj') // Your project ID
    .useCookies(false) // Option proposed in this request
;

🎤 Pitch

Providing an option to disable cookies and use local storage instead can help developers comply with EU data protection laws (GDPR), respect user privacy preferences, enhance privacy control, improve performance, and ensure cross-domain compatibility. By considering these factors, the SDK can offer a more versatile and privacy-conscious solution for web application development.

👀 Have you spent some time to check if this issue has been raised before?

🏢 Have you read the Code of Conduct?

gewenyu99 commented 9 months ago

@mariusbolik I'm not an expert on GDPR, but one issue I see is session cookies. What does "disabling cookies" entail? All cookies? Non-essential cookies?

eldadfux commented 2 months ago

GDPR does not forbid the use of cookies; rather, it imposes regulations on how personal data, including data collected via cookies, must be handled. According to GDPR, any information that can be used to identify an individual directly or indirectly is considered personal data. This means that cookies, which can often be used to track individuals across websites and services, fall under the scope of GDPR.

Not all cookies are treated equally under GDPR. There's a distinction made between cookies that are strictly necessary for the operation of a site (often referred to as "functional cookies") and those that are not (such as tracking cookies used for targeted advertising). Functional cookies are essential for basic website functions and services, such as keeping a user logged in during a session or ensuring secure transactions. Because these cookies are considered necessary for the provision of the service explicitly requested by the user, they are generally allowed without requiring prior consent from the user.

The only cookie Appwrite sets for your end users is a cookie that stores the user session in order to know if the user is logged in or not.

And... yeah, just for the sake of it, this is not legal advice.